[CentOS] Server Hacked: Cpanel

Wed Aug 9 21:52:04 UTC 2006
William L. Maltby <BillsCentOS at triad.rr.com>

On Wed, 2006-08-09 at 17:26 -0400, Bowie Bailey wrote:
> William L. Maltby wrote:
> ><snip>

> The solution to that is a secure password manager.
> http://passwordsafe.sourceforge.net/
> 
> You just have to remember the one password and the program will track
> all of the rest for you.  This way you can use gibberish passwords for
> important sites such as online banking and you don't have to remember
> them or write them down anywhere.  The password database is encrypted
> using Twofish and SHA-256.

I don't care for that concept. One password cracked gives access to all.
I would rather take the admitted risk of writing them down (in *my*
scenario, rather secure at home) and referring to that when needed.

The ones I use frequently will be remembered. I don't use them on the
road at all, so that's reasonable. I prefer to not have passwords stored
on computers any more than necessary.

Now I'll admit I fudge a *small* amount. Those who have access in my home
know Windows only, not Linux, and I have no shares with them. They are
TDU (Typical Dumb Users) and don't know how to use SSH, FTP, ... or even
how to find my comps on the LAN (no SMB node or Domain Controllers
here).


> The only real downside is that if you don't have access to the
> password manager, you don't have access to anything else either.

Well, I do consider the one password exposes all a downside. But I also
grant that it is more secure than many alternatives.

> 
> Oh...and don't forget to back up the password database! :)

I'm finalizing my LVM-based snapshots with aging of deleted files right
now, so I will be covered.

Thanks for the URL. I will go take a look. My mind is not yet
rusted closed even if (... *when*) I think I'm right! :-)

-- 
Bill